The NVIDIA GPU kernel-level driver for FreeBSD does not properly sanitize pointers from user space before dereferencing them.

Exploit Scope and Risk:

To exploit this vulnerability, an attacker must influence the value of pointers passed to the NVIDIA kernel module. This typically requires permission to access the /dev/nvidia* device nodes and the ability to run code as a local user. By crafting special pointers, the attacker has the ability to read or write arbitrary memory in kernel space, which can lead to denial of service, data leaks, data corruption, or privilege escalation and arbitrary code execution.
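As an added illustration (not NVIDIA's code and not the actual patch), the check a kernel ioctl handler should apply to a user-supplied pointer/length pair before dereferencing it, modelled in user space so it compiles anywhere: the user/kernel boundary, the request cap and the copy routine are assumptions standing in for FreeBSD's VM_MAXUSER_ADDRESS and copyin().

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <errno.h>

_Static_assert(sizeof(uintptr_t) == 8, "model assumes a 64-bit address space");
#define SIM_MAXUSER_ADDRESS ((uintptr_t)1 << 48) /* hypothetical user/kernel split */
#define SIM_MAX_REQ_LEN     4096u                 /* hypothetical per-request cap */

struct sim_ioctl_req {
    uintptr_t user_buf;  /* pointer chosen by user space: never trusted */
    size_t    len;
};

/* 1 if [ptr, ptr+len) lies entirely below the boundary without wrapping. */
int user_range_ok(uintptr_t ptr, size_t len)
{
    if (len == 0 || len > SIM_MAX_REQ_LEN)
        return 0;
    if (ptr > UINTPTR_MAX - len)      /* ptr + len would wrap around */
        return 0;
    return ptr + len <= SIM_MAXUSER_ADDRESS;
}

/* Simulated copyin(): refuses to touch anything user_range_ok() rejects. */
static int sim_copyin(uintptr_t uaddr, void *kaddr, size_t len)
{
    if (!user_range_ok(uaddr, len))
        return EFAULT;
    memcpy(kaddr, (const void *)uaddr, len);
    return 0;
}

/* Hardened handler: the user pointer is only used through the checked copy. */
int sim_ioctl_handler(const struct sim_ioctl_req *req, uint8_t *kbuf, size_t kbuf_len)
{
    if (req->len > kbuf_len)          /* also bound by the kernel-side buffer */
        return EINVAL;
    return sim_copyin(req->user_buf, kbuf, req->len);
}

/* One legitimate request and three hostile ones; returns 0 if all behave. */
int sim_run_cases(void)
{
    uint8_t user_data[16], kbuf[SIM_MAX_REQ_LEN];     /* constructed buffers */
    for (size_t i = 0; i < sizeof user_data; i++) user_data[i] = (uint8_t)(0xA0 + i);
    struct sim_ioctl_req good = { (uintptr_t)user_data, sizeof user_data };
    struct sim_ioctl_req kern = { (uintptr_t)0xffff800000000000ULL, 8 }; /* kernel address */
    struct sim_ioctl_req wrap = { UINTPTR_MAX - 4, 16 };                 /* wraps around */
    struct sim_ioctl_req huge = { (uintptr_t)user_data, SIM_MAX_REQ_LEN + 1 };
    if (sim_ioctl_handler(&good, kbuf, sizeof kbuf) != 0) return 1;
    if (memcmp(kbuf, user_data, sizeof user_data) != 0) return 2;
    if (sim_ioctl_handler(&kern, kbuf, sizeof kbuf) != EFAULT) return 3;
    if (sim_ioctl_handler(&wrap, kbuf, sizeof kbuf) != EFAULT) return 4;
    if (sim_ioctl_handler(&huge, kbuf, sizeof kbuf) != EINVAL) return 5;
    return 0;
}
```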

NVIDIA's risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. We recommend consulting a local security or IT professional to evaluate the risk of your specific configuration. NVIDIA is not aware of an implementation of this exploit in the field.

Vulnerable Configurations:

The NVIDIA GPU FreeBSD kernel module (nvidia.ko) must be loaded for the vulnerability to be present. Typically, the module will be configured when the driver is installed to be automatically loaded when the system boots. NVIDIA GPU drivers for other platforms are not affected.

Vulnerability Discovery:

This vulnerability was discovered during a routine code audit internal to NVIDIA.

Fix:

NVIDIA recommends that users upgrade to a fixed version of the FreeBSD driver. In addition, a patch is available that can be applied to older driver versions. The patch is equivalent to that applied to the newer driver versions. The patch file is available here: FreeBSD Driver patch file